CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49741 – fbdev: smscufx: fix error handling code in ufx_usb_probe
https://notcve.org/view.php?id=CVE-2022-49741
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: fix error handling code in ufx_usb_probe The current error handling code in ufx_usb_probe have many unmatching issues, e.g., missing ufx_free_usb_list, destroy_modedb label should only include framebuffer_release, fb_dealloc_cmap only matches fb_alloc_cmap. My local syzkaller reports a memory leak bug: memory leak in ufx_usb_probe BUG: memory leak unreferenced object 0xffff88802f879580 (size 128): comm "kworker/0:7", pid 174... • https://git.kernel.org/stable/c/3b3d3127f5b4291ae4caaf50f7b66089ad600480 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49740 – wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads
https://notcve.org/view.php?id=CVE-2022-49740
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count value of channel specifications provided by the device is greater than the length of 'list->element[]', decided by the size of the 'list' allocated with kzalloc(). The patch adds checks that make the functions free the buf... • https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49739 – gfs2: Always check inode size of inline inodes
https://notcve.org/view.php?id=CVE-2022-49739
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2_dinode_in()). This prevents us from on-disk corruption. The two checks in stuffed_readpage() and gfs2_unstuffer_page() that just truncate inline data to the maximum allowed size don't actually make sense, and they can be removed now as well. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49738 – f2fs: fix to do sanity check on i_extra_isize in is_alive()
https://notcve.org/view.php?id=CVE-2022-49738
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive() syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline] BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline] BUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline] BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 Read of size 4 at addr ffff888076557568 by task kwo... • https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52941 – can: isotp: split tx timer into transmission and timeout
https://notcve.org/view.php?id=CVE-2023-52941
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. monitor the timeouts for flow control frames and the echo frames This led to larger txstate checks and potentially to a problem discovered by syzbot which enabled the panic_on_warn feature while testing. The former 'txtimer' function is split into 'txfrtimer... • https://git.kernel.org/stable/c/866337865f3747c68a3e7bb837611e39cec1ecd6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52939 – mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()
https://notcve.org/view.php?id=CVE-2023-52939
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU pages"), hwpoison will forcibly uncharg a LRU hwpoisoned page, the folio_memcg could be NULl, then, mem_cgroup_track_foreign_dirty_slowpath() could occurs a NULL pointer dereference, let's do not record the foreign writebacks for folio memcg is null in mem_cgroup_track_foreign_dirty() to fix it. In the Lin... • https://git.kernel.org/stable/c/97b27821b4854ca744946dae32a3f2fd55bcd5bc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52938 – usb: typec: ucsi: Don't attempt to resume the ports before they exist
https://notcve.org/view.php?id=CVE-2023-52938
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not yet registered. In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not ... • https://git.kernel.org/stable/c/9222912924fcf56e2d166a503eddbdb5ffd2005f •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52937 – HV: hv_balloon: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-52937
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: HV: hv_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: HV: hv_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() th... • https://git.kernel.org/stable/c/d180e0a1be6cea2b7436fadbd1c96aecdf3c46c7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52936 – kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-52936
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling deb... • https://git.kernel.org/stable/c/066ecbf1a53eb0b92b10c8df7808666be6ea5681 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52935 – mm/khugepaged: fix ->anon_vma race
https://notcve.org/view.php?id=CVE-2023-52935
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anon_vma lock (if the VMA is associated with an anon_vma), and the mapping lock (if the VMA is associated with a mapping); and so to be able to remove page tables, we must hold all three of them. retract_page_tables() bails out if an ->anon_vma is at... • https://git.kernel.org/stable/c/f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 • CWE-416: Use After Free •